CVE-2021-1581

CWE-284 — Improper Access Control CWE-434 — Unrestricted File Upload CWE-78 — OS Command Injection4 documents4 sources

Severity

9.1CRITICAL

EPSS

3.0%

top 13.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Application Policy Infrastructure Controller Cisco Cloud Application Policy Infrastructure Controller Cisco Cisco Application Policy Infrastructure Controller (apic)

Timeline

PublishedAug 25

Latest updateMay 24

Description

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages3 packages

▶CVEListV5cisco/cisco_application_policy_infrastructure_controller_(apic)n/a

▶NVDcisco/cloud_application_policy_infrastructure_controller4.0 — 4.2\(7l\)+2

▶NVDcisco/application_policy_infrastructure_controller4.0 — 4.2\(7l\)+2

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-r62p-gprp-gvww: Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow↗2022-05-24

▶

CVEList

Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities↗2021-08-25

▶

📋Vendor Advisories

Cisco

Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities↗2021-08-25

▶